Physical and Digital Combined
Our technology era, Industry 4.0, is characterized as the mesh between physical and digital infrastructures. Its fabric is a morphing ecosystem where innovation, agility, and investments are essential to keep pace with new technologies and influences such as artificial intelligence, the internet of things, smart cities, big data, quantum technologies, and 5G. There is an unprecedented need for understanding the implications and promises of these technologies in both an economic and cybersecurity sense. The urgency of cybersecurity research and development (R&D) is directly related to how we adapt and flourish under the rapid changes of the Industry 4.0 landscape.
In the past few years, the connectivity of cyber devices and communications has grown exponentially. Most of us live and operate via our smartphones for work and leisure. By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average connecting and interacting on these devices. State of the IoT 2020: 12 billion IoT connections (iot-analytics.com)
Counteracting Sophisticated Threats
The growing threat attack surface enabled by new technologies and automated hacker tools requires restructuring of priorities and missions. The cyber now includes various criminal enterprises and adversarial nation-states. Threat actor capabilities are becoming more targeted, persistent, and sophisticated with each year. As the sophistication of the threats grows, we must be able to continually counteract them.
Of course, nothing in the cyber world is invulnerable, but technologies can help monitor the threat landscape and serve as protective tools to keep us safer. On the White Hat technology side, new advances in artificial intelligence and machine learning, quantum computing, identity management/ authentication, software assurance, real-time monitoring and diagnostics, end-point security can be assets to help deter and sometimes neutralize cybercriminals.
Underestimating Threats and Playing Catch Up
Understanding the new threat environment and bringing technology tools to networks and devices is not an easy task as both government and industry are playing catch up from years of underfunded science and technology research and development in cybersecurity. The gap is the result of business models not placing a high priority on digital security, by economic constraints, and especially by underestimating the threats. Also, to be fair, few anticipated the rapid pace of technological transformation and connectivity that has exponentially changed our world.
Investment in research and development has become imperative for a safer cybersecurity future. Government R&D investments are an integral part of the cyberattack mitigation equation and have been directly correlated to counter security threats to supply chains and critical infrastructures that are of national security importance.
Government Funding for Cybersecurity
The government also funds research programs directly that provide grants to academia and institutions for basic and applied research that will create the next generation of ideas and inventions. Investments in the science & technology for cybersecurity at agencies and national labs are indispensable for securing the future.
The mandated Federal Cybersecurity Research and Development Strategic Plan outlines the challenges and the need for strong R&D. “As currently deployed, the Internet places both public and private sectors at a disadvantage versus cybercriminals and other malicious adversaries. Advances in cybersecurity are urgently needed to preserve the Internet’s societal and economic benefits by establishing a position of assurance and trust for cyber systems and professionals. Strategic R&D investments by the Federal Government can contribute to advances in cybersecurity, help secure the cyberspace, and ultimately, strengthen the U.S. economy.”
The plan notes that The National Cyber Strategy and FY 2021 Research and Development Budget Priorities Memorandum established areas as priorities for cybersecurity and related R&D They include:
- Maintaining military superiority supported by advanced cyber capabilities derived from new computing and technology paradigms.
- Improving the security and resilience of the Nation’s critical infrastructure.
- Maintaining leadership in artificial intelligence (AI) and quantum information science (QIS) and advancing a secure computational infrastructure and ecosystem.3
- Developing advanced communications networks and R&D to secure networks and manage wireless spectrum.
- Maintaining leadership in semiconductor design, including assured access to advanced microelectronics.
- Prioritizing initiatives that provide education and job opportunities in science, technology, engineering, mathematics, and computer science to a wide spectrum of American students and workers.
Public-Private Partnership
Public-private partnerships by government and industry that fund projects in closer coordination are the best formula that will allow for more focused and more capable technology development, especially critical infrastructure that has been under recent cyberattacks. Most of the cybersecurity critical infrastructure including, defense, oil and gas, electric power grids, healthcare, utilities, communications, transportation, banking, and finance is owned by the private sector and regulated by the public sector so cooperation is vital.
Because of the potential ominous consequences of the threat, the US government has called for additional resources and collaboration dedicated to protecting critical infrastructure. On May 11, 2017, White House Executive Order 13800 was issued “to improve the Nation’s cyber posture and capabilities in the face of intensifying cybersecurity threats. Protecting the combined OT/IT operating systems of critical infrastructure is a top priority.
R&D investments are a major component of building a successful pipeline and bringing innovative products to market. Bridging private sector funding and research between government and the private sector will allow for a more focused and capable pipeline and reduce redundancy. According to the firm Momentum Cyber, there has been $11.5 billion in total venture capital financing into cybersecurity startups in the first half of 2021 compared to $4.7 billion during the same period a year earlier. This highlights the global urgency for acquiring new cybersecurity capabilities and the need for new technologies and approaches.
The trend is that more funding is going to commercializing new products and companies. Research company Gartner analyzed specific cybersecurity spending of $72.5 billion in 2021 that includes: applications, the cloud, data, identity access management, infrastructure protection, integrated risk management, network security equipment, security services, consumer security software, and hardware support. $72.5 billion this year. (Please see graph below)
New NIST Standards
It is certainly welcome news that public-private cooperation cybersecurity efforts are expanding in a variety of areas. The administration just announced that the National Institute of Standards and Technology (NIST) will collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. Also in August, DHS/CISA Director, Jen Easterly, announced the establishment of the “Joint Cyber Defense Collaborative (JCDC).” According to Director Easterly, the JCDC will:
- Share insight to shape our understanding of cyber defense challenges and opportunities
- Design whole-of-nation cyber defense plans to address risks
- Support joint exercises to improve cyber defense operations
- Implement coordinated defensive cyber operations
The JCDC is a welcome initiative for bolstering both government and industry cybersecurity capabilities. The new entity will focus on gaps in shared situation awareness and threat analysis, especially toward threat aimed and the U.S. critical infrastructure.
There are few areas of cybersecurity that do not need more research and development, including network security, application security, cloud security, device security, and data security. The evolving connectivity of the Industry 4.0 landscape and growing cyberthreat environment are real challenges but science & technology ingenuity and public-private cooperation are sure paths to better success.